📦

serve-static

Vendor: serve-static_project

Actively Exploited 0 CISA KEV List

PoC / Exploits 0 Code Available

Total RCEs 0 Remote Access

Total CVEs 3 Total Indexed

Avg. EPSS 0.61% Exploit Prob.

Latest CVE CVE-2024-43800 Sep 10

Security Vulnerability Index

Page 1 / 1

5.0 CVSS

CVE-2024-43800

serve-static serves static files. serve-static passes untrusted user input - even after sanitizing it - to redirect() may execute untrusted code. This issue is patched in serve-static 1.16.0.

EPSS: 0.92%

Severity: MEDIUM

Sep 10, 2024

4.3 CVSS

CVE-2015-1164

Open redirect vulnerability in the serve-static plugin before 1.7.2 for Node.js, when mounted at the root, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a // (slash slash) followed by a domain in the PATH_INFO to the default URI.

EPSS: 0.30%

Severity: MEDIUM

Jan 21, 2015

Displaying 2 of 3 Total Entries

Total 1 Sections